Are you looking for ways to move files between storage platforms and confused by all the options? Have you been told that you "need an SFTP" but then come across very similar-sounding acronyms like SFTP, SCP, and FTPS? If you're unfamiliar with the different transfer protocols, navigating through the differences, similarities, and overlap can be overwhelming.
In this article, we'll give a high-level overview of what a transfer protocol is and the differences between five popular protocols: FTP, SFTP, FTPS, SCP, and Rsync, along with the capabilities, pros, and cons of each. And, because SFTP is the most secure and commonly used transfer protocol today, we'll compare each of the other protocols to SFTP and talk about their comparative advantages.
What is a transfer protocol?
Put simply, a transfer protocol refers to the rules and requirements for transferring files between devices. When you drag and drop a file between different folders on a computer, it's a simple process. And if you have two laptops, you could simply move a folder to a USB drive, plug that drive into the second device, and download the files.
But what about when trying to send files somewhere very far away? It's not feasible to upload files to a portable hard drive, ship that hard drive to the other side of the world, and have the person on the other side plug it in just to get a few files. Especially when business-critical processes rely on getting access to those files right away.
This is where transfer protocols come into play. When transferring files, there are a lot of unknowns. How do you know the computer belongs to the right party? How can you be sure the file makes it to them? What about hackers trying to intercept it? And most fundamentally, how does the data itself actually get there?
The answer is that there are multiple different ways to get files between remote devices. Each method of transfer is a separate transfer protocol that has an agreed-upon set of parameters for transferring files. The protocol specifies how the devices connect, how they authenticate, and how the data itself is transferred.
Now, we'll go into how these different protocols work and the differences between them, starting with the original: FTP.
FTP
Standing for File Transfer Protocol, FTP was developed in the 70s as a way to transfer files over a network, with the last major update in the late 90s.
Usually, FTP is done through a client–an application that initiates the connection–and a server — the software that facilitates the transfer to the remote destination. Once the FTP server and client are connected, data can then be transferred between the two systems. With FTP, you can transfer files, as well as remotely connect to the destination to modify, rename, and delete files and directories.
The biggest drawback of FTP is that data is not encrypted in transit. This means that if the file is intercepted midstream, the data will be in a usable format. Personal information is at risk when using FTP, including usernames and even passwords, which are sent in cleartext instead of the typical hashed (****) form.
So while FTP became an efficient way to move large files over a network, the security risks have become more and more pronounced as methods to intercept data have become more sophisticated.
For a deeper look into FTP, check out the article What is FTP and how does it work?
What is Secure FTP?
As mentioned above, FTP in its default form isn't secure. However, many machines and pieces of software still rely on it. Secure FTP works as a sort of stopgap for when the only option to transfer files is via FTP.
Secure FTP refers to any file transfer protocol that adds encryption for security. FTPS (sometimes called FTP over SSL) is an example of secure FTP that we'll talk about in more detail later on.
SFTP
While FTP is powerful, the vulnerabilities are too much of a risk for sensitive data like financial, personal, and health information. As a result, a more secure form of FTP known as SFTP (Secure File Transfer Protocol) was developed with similar features but additional protections. SFTP has a very similar name to FTP, but it's actually an entirely separate protocol.
SFTP makes use of the SSH (Secure Shell) protocol, which requires authentication. Typically, this authentication is done through a username and password combination and/or making use of SSH keys. With SSH, a client makes contact with a server, which then sends back an encryption key. Then, a secure channel is opened between the two so data can be transmitted.
Because of the encryption key, even if the data is intercepted, it will be unreadable. While there is no single required encryption method, SSH typically uses AES or Blowfish encryption and always requires some sort of authentication method before data is transmitted.
For a deeper look into SFTP and its technical components, check out our article A comprehensive guide to Secure File Transfer Protocol.
SFTP vs FTP
While at a glance Secure File Transfer Protocol seems like it is simply File Transfer Protocol with added security, the two protocols are actually functionally different.
SFTP requires authentication methods to function, and everything is done through a single port (a communication endpoint for sending or receiving data), which typically makes it faster and easier to protect. FTP has multiple open ports that can make it both slower and easier to intercept the data.
Because SFTP is the modern standard, experts recommend using it when possible, and many newer systems will use SFTP or another secure protocol with no option for FTP.
The main advantage of FTP is that it’s easier to connect to–the same reason why it’s not advised for moving sensitive data. However, some legacy systems don’t support SSH and thus can’t connect using SFTP, leaving FTP as the best option to transfer files.
There are ways to bridge these gaps, however. This is one of the primary use cases of Couchdrop. Couchrop can work as an FTP to SFTP bridge, and it can also go a step further by augmenting cloud storage with SFTP capabilities, allowing you to move files to and from over 30 storage platforms via SFTP.
With a solution like this, that means you can still transfer files involving systems that require FTP while using modern encryption and security standards.
FTPS (FTP over SSL)
Due to the similar naming conventions, there can be some confusion between SFTP and FTPS. SFTP stands for Secure File Transfer Protocol, while FTPS stands for File Transfer Protocol Secure.
The difference is that FTPS adds security to the standard FTP protocol, whereas SFTP is an entirely different protocol albeit with a similar-sounding name.
FTPS allows security through the TLS (Transport Layer Security) protocol and the Secure Sockets Layer (SSL) and is sometimes known as “FTP over SSL”. Like FTP, FTPS requires multiple ports to be open simultaneously, which can make it run into issues with firewalls.
SFTP vs FTPS
As mentioned above, SFTP is inherently encrypted and designed to be both secure and versatile. Whereas FTPS has security added on top of an existing transfer protocol.
With FTPS, a new port is required for each request, which can open up additional vulnerable points, whereas with SFTP, a single port is used, making it much easier to lock down. SFTP offers end-to-end encryption of all information, and, since it only requires one open port, it’s considered the more secure of the two options.
SFTP is also the more versatile of the two. It’s easier to use with firewalls, and SFTP has more commands and controls, such as options for defining file permissions. Since FTP is being replaced by the SFTP protocol and FTPS is FTP over SSL, over time, FTPS will be supported less and less.
SCP
SCP stands for Secure Copy Protocol. It’s a simple and secure file transfer protocol for transferring files. Like SFTP, transfers are done using Secure Shell. There are some differences between SCP and SFTP, but for the end user, these tend to come down to functionality.
The SCP protocol is used exclusively for transferring files, and as a result, tends to be quite fast. However, when looking to do more than a basic file transfer, SCP falls short.
SCP vs SFTP
Unlike SFTP, SCP has fewer commands and is used primarily to copy files between a local host and a remote host or between two remote hosts. SCP is unable to create or list directories or delete files like SFTP. Because of this focus on copying files, in some instances, SCP has faster transfer speeds which can give it an advantage when speed is critical. SCP can also be faster on high-latency networks due to the way it handles file transfers.
The main disadvantages are that SCP is limited in functionality and isn’t supported as widely as SFTP. SCP is also less flexible. For example, if a file with the same name in the same directory is transferred, SCP will overwrite it by default. SFTP clients give options to change the behavior, such as stopping the transfer or making a copy with a different name. Another advantage of SFTP is that it supports resuming file transfers that are interrupted instead of having to restart the entire transfer.
OpenSSH, the open-source implementation of the SSH protocol used in some secure file transfer protocols like SCP and SFTP, writes that “The scp protocol is outdated, inflexible and not readily fixed”, and recommends using something more flexible like SFTP.
Rsync
Rsync (Remote sync) is a Linux-based tool used to sync files between a local and remote server. It was designed to synchronize files to ensure that both a local device and the remote server have the same up-to-date files. Rsync is typically run through a command line and cannot sync files between two remote locations. While designed for Linux, there are several programs as well as online services that allow Rsync to work in other operating systems.
One useful feature of Rsync is that it supports delta transfers, only copying over a file if it has changed since the last transfer. This helps cut back on the amount of data sent and makes Rsync suitable as a backup tool.
Rsync vs SFTP
Both SFTP and Rsync transfer files, but their primary purpose is different. Rsync is meant to ensure that a local device and remote server are “synced” with the latest version of a file, while SFTP is designed for secure file transfers.
Because of this, it’s common for users to make use of both Rsync and SFTP depending on the specific use case. For example, SFTP can handle bulk file transfers, modify directories, and encrypt or decrypt specific files, and Rsync can use scheduled delta transfers to ensure the most up-to-date version is in both the local and remote location.
Couchdrop used to support Rsync but recently transitioned into further optimizing SFTP transfers as SFTP allows for more functionality.
Which of these does Couchdrop support?
Couchdrop supports SFTP, FTP, FTPS, and SCP and recommends using SFTP when possible. Using SFTP allows for the strongest security and fast file transfers.
As mentioned above, FTP is a slower and less secure transfer protocol used primarily before SFTP was developed. So why use FTP at all and why does Couchdrop support it?
Because of compatibility. While SFTP is the de facto way to transfer files, it wasn’t always, so some legacy systems may not support it. If your organization has one of these systems that only supports FTP, we want to make sure that you can still transfer files as needed.
Couchdrop’s granular user account controls can help with this. The secure protocols (SFTP and SCP) are set as a specific service to enable/disable, while FTP and FTPs are separate ones. This means you can enable FTP for specific users that need it, while others can be forced to use a more secure protocol like SFTP.
Try Couchdrop for secure file transfers
If you’re looking for a way to securely transfer files over a network, try Couchdrop. While SFTP is a powerful and versatile method to transfer files, setting up an SFTP server is often a long and complex process, especially when requiring multiple users with different permission levels.
Couchdrop simplifies SFTP and automatically sets up an SFTP server using the credentials you create at signup. The server is fully cloud-hosted and requires no management and integrates directly with your existing cloud storage.
You can start secure file transfers from your existing storage platforms like Dropbox to SharePoint, Google Workspace to Box, or a file server to cloud storage in minutes. User management is handled in the intuitive interface through a web browser. Couchdrop also lets you automate secure file transfers so your files always end up where they need to be at the right time.
Try Couchdrop free for 14 days with no sales call or credit card required. Register for an account now to start your trial and have your SFTP server set up in minutes.